Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits: 2e81fdd4 by Markus Koschany at 2023-10-03T02:37:46+02:00 CVE-2023-41115,exim4: Buster is not affected The external authenticator support was introduced later. https://git.exim.org/exim.git/commit/c4a8c663b74a35b547d8320547079ca56b3b772e - - - - - e21481ea by Markus Koschany at 2023-10-03T02:37:47+02:00 Triage CVE-2023-42117,CVE-2023-42119,exim4 as no dsa for Buster Minor issues - - - - - 9b9ab4e5 by Markus Koschany at 2023-10-03T02:37:47+02:00 Reserve DLA-3599-1 for exim4 - - - - - 3 changed files: - data/CVE/list - data/DLA/list - data/dla-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -505,6 +505,7 @@ CVE-2023-42119 [Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerabili - exim4 <unfixed> [bookworm] - exim4 <no-dsa> (Minor issue; use Exim4 with a trustworthy DNS resolver able to validate the data according to the DNS record types) [bullseye] - exim4 <no-dsa> (Minor issue; use Exim4 with a trustworthy DNS resolver able to validate the data according to the DNS record types) + [buster] - exim4 <no-dsa> (Minor issue; use Exim4 with a trustworthy DNS resolver able to validate the data according to the DNS record types) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1473/ NOTE: https://bugs.exim.org/show_bug.cgi?id=3033 NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 @@ -520,6 +521,7 @@ CVE-2023-42117 [Exim Improper Neutralization of Special Elements Remote Code Exe - exim4 <unfixed> [bookworm] - exim4 <no-dsa> (Only an issue if Exim4 run behind an untrusted proxy-protocol proxy) [bullseye] - exim4 <no-dsa> (Only an issue if Exim4 run behind an untrusted proxy-protocol proxy) + [buster] - exim4 <no-dsa> (Only an issue if Exim4 run behind an untrusted proxy-protocol proxy) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1471/ NOTE: https://bugs.exim.org/show_bug.cgi?id=3031 NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 @@ -532,6 +534,7 @@ CVE-2023-42116 [Exim SMTP Challenge Stack-based Buffer Overflow Remote Code Exec NOTE: https://www.openwall.com/lists/oss-security/2023/10/01/4 CVE-2023-42115 [Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability] - exim4 <unfixed> + [buster] - exim4 <not-affected> (External authenticator support was introduced later) NOTE: https://www.zerodayinitiative.com/advisories/ZDI-23-1469/ NOTE: https://bugs.exim.org/show_bug.cgi?id=2999 NOTE: https://www.openwall.com/lists/oss-security/2023/09/29/5 ===================================== data/DLA/list ===================================== @@ -1,3 +1,6 @@ +[02 Oct 2023] DLA-3599-1 exim4 - security update + {CVE-2023-42114 CVE-2023-42116} + [buster] - exim4 4.92-8+deb10u8 [01 Oct 2023] DLA-3598-1 libvpx - security update {CVE-2023-5217 CVE-2023-44488} [buster] - libvpx 1.7.0-3+deb10u2 ===================================== data/dla-needed.txt ===================================== @@ -60,9 +60,6 @@ dogecoin NOTE: 20230619: also I just referenced 3 older bitcoin-related CVEs to fix; NOTE: 20230619: dogecoin not present in bullseye/bookworm, so we lead the initiatives. (Beuc/front-desk) -- -exim4 (Markus Koschany) - NOTE: 20230928: Added by Front-Desk (ola) --- freeimage (gladk) NOTE: 20230826: Added by Front-Desk (utkarsh) NOTE: 20230826: Anton Gladky is the maintainer. Please sync with him about the View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab624e7ba25919b37cdf4d30fa60790c6b7c4fbc...9b9ab4e5e605c4e60feb8dc63dbc1680e1d58e5f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ab624e7ba25919b37cdf4d30fa60790c6b7c4fbc...9b9ab4e5e605c4e60feb8dc63dbc1680e1d58e5f You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
